#!/usr/bin/python
import sys
import pwn
import string
# Substitution tables.  caesar() and rot13() search a cipher table for each
# input character and emit the character at the same position in ALPHA, so
# position i of a cipher table corresponds to position i of ALPHA.  The search
# stops at the first match, which matters for characters that occur twice.
ALPHA = (
    "abcdefghijklmnopqrstuvwxyz0123456789 ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~ !\"#$%&(=>?@"
    ")*+,-./"
    ":;<[\]^_`y"
)
#"abcdefghijklmnopqrstuvwxy
# Cipher table searched by rot13().
MOV13 = (
    "nopqrstuvwxyz{|}~ !\"#$%&(=>?@ABCDEFG-NOPQRSTUVWXYZ[\]^_`abcdefg)*+,-./01235JKLM"
    "6789:;<"
    "GHIhijklm'"
)
# Not referenced anywhere else in this listing; ALPHA starts with the same
# 63 characters.
CAESAR = "abcdefghijklmnopqrstuvwxyz0123456789 ABCDEFGHIJKLMNOPQRSTUVWXYZ"
# Cipher table searched by caesar().
# NOTE(review): the lower-case part looks like a Dvorak keyboard-layout
# mapping rather than a shift cipher -- confirm.
CAESAD = "axje.uidchtnmbrl'poygk,qf;0123456789 AXJE>UIDCHTNMKY:QPRGLVWXJZ"
# retn: tvn{"F"# "yr
# test: tvn{"-"# "yr
# clrx: giant9turtle
# Diagnostic: print every character of string.printable that has no entry in
# ALPHA, i.e. the characters the substitution helpers can never emit.
out = "".join(ch for ch in string.printable if ch not in ALPHA)
print(out)
# Morse table used by decrypt(): symbol -> Morse token.
CODE = {
    # letters
    'A': '.-', 'B': '-...', 'C': '-.-.', 'D': '-..',
    'E': '.', 'F': '..-.', 'G': '--.', 'H': '....',
    'I': '..', 'J': '.---', 'K': '-.-', 'L': '.-..',
    'M': '--', 'N': '-.', 'O': '---', 'P': '.--.',
    'Q': '--.-', 'R': '.-.', 'S': '...', 'T': '-',
    'U': '..-', 'V': '...-', 'W': '.--', 'X': '-..-',
    'Y': '-.--', 'Z': '--..',
    # digits
    '0': '-----', '1': '.----', '2': '..---', '3': '...--',
    '4': '....-', '5': '.....', '6': '-....', '7': '--...',
    '8': '---..', '9': '----.',
    # Round 1 rewrites spaces in the received text to " ! " before
    # splitting, so a '!' token decodes back to a space.
    ' ': '!',
}
def caesar_generic(data,cipher,plain):
    """Translate data through a positional substitution table.

    Each character of data is searched for in cipher and replaced by the
    character at the same position in plain; the first match wins.  A
    character that does not occur in cipher is reported on stdout and
    replaced by ".".

    plain must be at least as long as the matched position, otherwise the
    lookup raises IndexError.
    """
    pieces = []
    for ch in data:
        pos = cipher.find(ch)
        if pos < 0:
            # Unknown input character: keep the output aligned with the input.
            print("d is true, missing character %c" % ch)
            pieces.append(".")
        else:
            pieces.append(plain[pos])
    return "".join(pieces)
def caesar(data):
    """Map data from the CAESAD table back onto ALPHA.

    Same lookup as caesar_generic() with cipher=CAESAD and plain=ALPHA:
    characters missing from CAESAD are reported on stdout and become ".".
    """
    return caesar_generic(data, CAESAD, ALPHA)
def rot13(data):
    """Map data from the MOV13 table back onto ALPHA.

    Despite the name this is not the letters-only ROT13: it is the same
    table lookup as caesar_generic() with cipher=MOV13 and plain=ALPHA.
    Characters missing from MOV13 are reported on stdout and become ".".
    """
    return caesar_generic(data, MOV13, ALPHA)
# Self-check of the MOV13 table on a fixed sample, printed at start-up.
print(rot13("\" '-!%vzzv{t"))
# sys.exit(0)
def decrypt(data):
    """Decode a sequence of Morse tokens into text using CODE.

    Tokens that have no entry in CODE are dropped without any message, so
    the result can be shorter than the input.
    """
    # Invert CODE once instead of scanning it for every token.
    symbol_for = dict((token, symbol) for symbol, token in CODE.items())
    return "".join(symbol_for[token] for token in data if token in symbol_for)
import re
# Challenge service endpoint.  The connection is opened as soon as the script
# runs; every p.recv()/p.send() below talks to this one socket.
TARGET = ("146.148.102.236", 24069)
p = pwn.remote(*TARGET)
def countspaces(str_in):
    """Return the positions of all spaces in str_in as the str() of a list.

    Despite the name this is not a count: "a b c" gives "[1, 3]".  The
    string form is used as part of a dictionary key and as a field of
    save.lst.
    """
    positions = [idx for idx, ch in enumerate(str_in) if ch == ' ']
    return str(positions)
def firstspace(str_in):
    """Return the index of the first space, or len(str_in) if there is none."""
    for idx, ch in enumerate(str_in):
        if ch == ' ':
            return idx
    return len(str_in)
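# Lookup tables learned in earlier runs and reloaded at start-up.
#   length_brute_force: (length, (space positions, first space)) -> plaintext
#   pattern_brute:      space mask ("x"/" " per character)       -> plaintext
length_brute_force = {}
pattern_brute = {}

# save.lst holds one "length:space_positions:first_space:plaintext" record per
# line.  The plaintext field originates from the remote service, so it is
# parsed defensively: split with a field limit so a ':' inside the plaintext
# does not break the unpacking, and strip only the line ending so trailing
# spaces in the plaintext survive.
with open("save.lst","r") as f:
    for line in f:
        record = line.rstrip("\r\n")
        if not record:
            continue  # tolerate blank lines
        # fiwrite("%s:%s:%d:%s" % (a,x,y,c))
        (a,x,y,c) = record.split(":",3)
        length_brute_force[(int(a),(x,int(y)))] = c

# patterns.lst holds one "mask:plaintext" record per line; same precautions.
with open("patterns.lst","r") as f:
    for line in f:
        record = line.rstrip("\r\n")
        if not record:
            continue
        (cipher,pattern) = record.split(":",1)
        pattern_brute[cipher] = pattern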
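def save_patterns():
    """Write pattern_brute to patterns.lst, one "mask:plaintext" line each.

    The file is rewritten from scratch on every call.  Entries are written
    unescaped, so a plaintext containing a newline would corrupt the file
    for the next run.
    """
    # The with-block closes the file even if a write fails.
    with open("patterns.lst","w") as f:
        for mask, plaintext in pattern_brute.items():
            f.write(mask + ":" + plaintext + "\n")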
def add_pattern(in_str):
    """Remember in_str under its space mask unless that mask is already known.

    The mask keeps every space and turns every other character into "x".
    The first plaintext seen for a mask is kept; a later, different
    plaintext with the same mask is silently ignored.
    """
    mask = "".join(" " if ch == ' ' else "x" for ch in in_str)
    if mask in pattern_brute:
        print("already got it")
    else:
        pattern_brute[mask] = in_str
def get_pattern(in_str):
    """Return the plaintext recorded for the space mask in_str.

    Raises KeyError when the mask was never recorded by add_pattern() or
    loaded from patterns.lst.
    """
    plaintext = pattern_brute[in_str]
    return plaintext
# Round 1: the challenge text is Morse code; decode it with CODE, answer, and
# record the plaintext in both lookup tables for the later rounds.
# NOTE(review): this listing lost its indentation; the nesting below is
# reconstructed from the control flow -- confirm against the original file.
print "ROUND 1"
while True:
    # NOTE(review): recv() returns whatever has arrived so far; if a prompt is
    # split across two reads the re.search() below returns None and .group()
    # raises AttributeError -- confirm the service sends each prompt at once.
    data = p.recv()
    print data
    # A message containing "TUCTF" ends the round.
    if "TUCTF" in data:
        break
    # Sample text requested by the service before each question.
    p.send("!!!!????\n")
    data = p.recv()
    print data
    # In this pattern the trailing "?" is a regex quantifier (optional "d"),
    # not a literal question mark; ".*" is greedy.
    d = re.search("What is (.*) decrypted?",data)
    morsedata = d.group(1)
    # Every space becomes " ! " and the text is split on single spaces; "!"
    # decodes to a space via CODE.
    # NOTE(review): as written this turns every token separator into a
    # decoded space; the original may have matched a doubled space that the
    # page rendering collapsed -- confirm.
    morse_chars = morsedata.replace(" "," ! ").split(' ')
    print decrypt(morse_chars)
    encrypteddata = decrypt(morse_chars).lower()
    add_pattern(encrypteddata)
    # Key for the length table: (length, (space positions, first space)).
    c = (countspaces(encrypteddata),firstspace(encrypteddata))
    if (len(encrypteddata),c) not in length_brute_force.keys():
        print "adding length %d :: %s" % (len(encrypteddata),rot13(encrypteddata))
        length_brute_force[(len(encrypteddata),c)] = encrypteddata
    else:
        # Two different plaintexts with the same key cannot both be stored;
        # the first one is kept and the clash is only reported.
        if length_brute_force[(len(encrypteddata),c)] != encrypteddata:
            print "collision : %s vs %s" % (length_brute_force[(len(encrypteddata),c)],encrypteddata)
        else:
            print "already got it"
    # The answer is sent in the decoded (upper-case) form; only the stored
    # copy is lower-cased.
    p.send(decrypt(morse_chars) + "\n")
save_patterns()
# First sample text for round 2.
p.send("test\n")
# Round 2: the challenge is decoded with the MOV13 table (rot13()), answered,
# and recorded in both lookup tables; afterwards both tables are saved.
# NOTE(review): this listing lost its indentation; the nesting below is
# reconstructed from the control flow -- confirm against the original file.
print "STARTING ROUND 2"
# If MOV13 is longer than ALPHA, rot13() can raise IndexError on a match past
# the end of ALPHA; the lengths are printed for comparison.
print "LEN ALPHA: %d :: LEN MOV13: %d" % (len(ALPHA),len(MOV13))
while True:
    data = p.recv()
    print data
    # .group() raises AttributeError if the prompt is not in this read.
    d = re.search("What is (.*) decrypted?",data)
    encrypteddata = d.group(1)
    # The key uses the ciphertext length but the space layout of the decoded
    # text.
    c = (countspaces(rot13(encrypteddata)),firstspace(rot13(encrypteddata)))
    add_pattern(rot13(encrypteddata))
    if (len(encrypteddata),c) not in length_brute_force.keys():
        print "adding length %d :: %s" % (len(encrypteddata),rot13(encrypteddata))
        length_brute_force[(len(encrypteddata),c)] = rot13(encrypteddata)
    else:
        # A clash is reported but the stored entry is left unchanged.
        if length_brute_force[(len(encrypteddata),c)] != rot13(encrypteddata):
            print "collision : %s vs %s" % (length_brute_force[(len(encrypteddata),c)],rot13(encrypteddata))
        else:
            print "already got it"
    print encrypteddata + "::"+ rot13(encrypteddata)
    p.send(rot13(encrypteddata) + "\n")
    data = p.recv()
    print data
    # A message containing "TUCTF" ends the round.
    if "TUCTF" in data:
        break
    # Sample text for the next question of this round.
    p.send("MNOPQRSTUVWXYZ\n")
save_patterns()
# Persist the length table as "length:space_positions:first_space:plaintext".
# Fields are written unescaped; the plaintext comes from the remote service,
# so a ':' or newline in it changes how the file parses on the next start.
f = open("save.lst","w")
for i in length_brute_force.keys():
    (a,b) = i
    (x,y) = b
    c = length_brute_force[i]
    f.write("%s:%s:%d:%s\n" % (a,x,y,c))
f.close()
print length_brute_force
# First sample text for round 3.
p.send("AAAA\n")
# Round 3: no decoding is attempted; the answer is looked up from the length
# and space layout of the ciphertext in the table built in earlier rounds.
# NOTE(review): this listing lost its indentation; the nesting below is
# reconstructed from the control flow -- confirm against the original file.
print "STARTING ROUND 3"
while True:
    data = p.recv()
    print data
    # .group() raises AttributeError if the prompt is not in this read.
    d = re.search("What is (.*) decrypted?",data)
    encrypteddata = d.group(1)
    # The key is computed on the ciphertext itself, so this only works while
    # the cipher leaves spaces and the length unchanged.
    d = (countspaces(encrypteddata),firstspace(encrypteddata))
    # Raises KeyError for a layout that was never recorded.
    c = length_brute_force[(len(encrypteddata),d)]
    print c
    p.send(c + "\n")
    data = p.recv()
    print data
    # A message containing "TUCTF" ends the round.
    if "TUCTF" in data:
        break
    p.send("x\n") # give me some sample text
# Tables for a direct substitution attempt; they are only referenced by the
# commented-out caesar_generic() call inside the loop.
ROUND4_CIPHER = "abcdefghijklmnopqrstuvxy" + "wz0123456789 "
ROUND4_PLAINT = "UVWXYZ[\]^_`abcdefghijlm" + "47LMNOPQRSTU<"
# Round 4: learn how the cipher encodes a space from the echoed sample, undo
# that one substitution, then look the answer up by length and space layout.
# NOTE(review): this listing lost its indentation; the nesting below is
# reconstructed from the control flow -- confirm against the original file.
print "STARTING ROUND 4"
# The sample text is a space, so its encryption reveals the space character.
p.send(" \n")
while True:
    data = p.recv()
    print data
    # First character after "encrypted is ": the encrypted form of the sample.
    # .group() raises AttributeError if the text is not in this read.
    i = re.search("encrypted is (.)",data)
    x = i.group(1)
    spacechar = str(x)[0]
    print "space char is %c" % spacechar
    d = re.search("What is (.*) decrypted?",data)
    encrypteddata1 = d.group(1)
    # Literal spaces in the ciphertext stand for some other plaintext
    # character; move them out of the way (to the character after spacechar)
    # before turning spacechar back into a real space.
    if spacechar != " ":
        encrypteddata2 = encrypteddata1.replace(" ",chr(ord(spacechar) + 1))
    else:
        encrypteddata2 = encrypteddata1
    encrypteddata = encrypteddata2.replace(spacechar," ")
    d = (countspaces(encrypteddata),firstspace(encrypteddata))
    # Raises KeyError for a layout that was never recorded.
    c = length_brute_force[(len(encrypteddata),d)]
    # c = caesar_generic(encrypteddata,ROUND4_CIPHER,ROUND4_PLAINT)
    print c
    p.send(c + "\n")
    data = p.recv()
    print data
    # A message containing "TUCTF" ends the round.
    if "TUCTF" in data:
        break
    p.send(" \n") # give me some sample text
# Round 5: learn how the cipher encodes a space from the echoed sample, undo
# that one substitution, then look the answer up by length and space layout.
# NOTE(review): this listing lost its indentation; the nesting below is
# reconstructed from the control flow -- confirm against the original file.
print "STARTING ROUND 5"
# The sample text is a space, so its encryption reveals the space character.
p.send(" \n")
while True:
    data = p.recv()
    print data
    # First character after "encrypted is ": the encrypted form of the sample.
    # .group() raises AttributeError if the text is not in this read.
    i = re.search("encrypted is (.)",data)
    x = i.group(1)
    spacechar = str(x)[0]
    print "space char is %c" % spacechar
    d = re.search("What is (.*) decrypted?",data)
    encrypteddata1 = d.group(1)
    # encrypteddata2 = encrypteddata1.replace(" ",chr(ord(spacechar) + 1))
    # Move literal spaces out of the way before turning spacechar back into a
    # real space, so only true word gaps count as spaces.
    if spacechar != " ":
        encrypteddata2 = encrypteddata1.replace(" ",chr(ord(spacechar) + 1))
    else:
        encrypteddata2 = encrypteddata1
    encrypteddata = encrypteddata2.replace(spacechar," ")
    d = (countspaces(encrypteddata),firstspace(encrypteddata))
    # Raises KeyError for a layout that was never recorded.
    c = length_brute_force[(len(encrypteddata),d)]
    # c = caesar_generic(encrypteddata,ROUND4_CIPHER,ROUND4_PLAINT)
    print c
    p.send(c + "\n")
    data = p.recv()
    print data
    # A message containing "TUCTF" ends the round.
    if "TUCTF" in data:
        break
    p.send(" \n") # give me some sample text
# Round 6: learn how the cipher encodes a space from the echoed sample, undo
# that one substitution, then look the answer up by length and space layout.
# NOTE(review): this listing lost its indentation; the nesting below is
# reconstructed from the control flow -- confirm against the original file.
print "STARTING ROUND 6"
# The sample text is a space, so its encryption reveals the space character.
p.send(" \n")
while True:
    data = p.recv()
    print data
    # First character after "encrypted is ": the encrypted form of the sample.
    # .group() raises AttributeError if the text is not in this read.
    i = re.search("encrypted is (.)",data)
    x = i.group(1)
    spacechar = str(x)[0]
    print "space char is %c" % spacechar
    d = re.search("What is (.*) decrypted?",data)
    encrypteddata1 = d.group(1)
    # encrypteddata2 = encrypteddata1.replace(" ",chr(ord(spacechar) + 1))
    # Move literal spaces out of the way before turning spacechar back into a
    # real space, so only true word gaps count as spaces.
    if spacechar != " ":
        encrypteddata2 = encrypteddata1.replace(" ",chr(ord(spacechar) + 1))
    else:
        encrypteddata2 = encrypteddata1
    encrypteddata = encrypteddata2.replace(spacechar," ")
    d = (countspaces(encrypteddata),firstspace(encrypteddata))
    # Raises KeyError for a layout that was never recorded.
    c = length_brute_force[(len(encrypteddata),d)]
    # c = caesar_generic(encrypteddata,ROUND4_CIPHER,ROUND4_PLAINT)
    print c
    p.send(c + "\n")
    data = p.recv()
    print data
    # A message containing "TUCTF" ends the round.
    if "TUCTF" in data:
        break
    p.send(" \n") # give me some sample text
# Round 7: compare the challenge with the echoed encryption of the sample,
# position by position, to rebuild the space mask, then look the answer up in
# pattern_brute.
# NOTE(review): this listing lost its indentation; the nesting below is
# reconstructed from the control flow -- confirm against the original file.
print "STARTING ROUND 7"
p.send(" \n")
while True:
    data = p.recv()
    print data
    # Everything after "encrypted is " up to the newline: the encrypted form
    # of the sample text.  .group() raises AttributeError if it is missing.
    i = re.search("encrypted is (.*)\n",data)
    x = str(i.group(1))
    d = re.search("What is (.*) decrypted?",data)
    encrypteddata2 = ""
    encrypteddata1 = d.group(1)
    # A position where the challenge equals the encrypted sample is taken to
    # be a space; every other position becomes "x".
    # NOTE(review): x[i] raises IndexError when the encrypted sample is
    # shorter than the challenge.  The sample shown here is a single space;
    # the page rendering may have collapsed a longer run of spaces -- confirm.
    for i in range(0,len(encrypteddata1)):
        if encrypteddata1[i] == x[i]:
            encrypteddata2 += " "
        else:
            encrypteddata2 += "x"
    # encrypteddata2 = encrypteddata1.replace(" ",chr(ord(spacechar) + 1))
    encrypteddata = encrypteddata2
    # Raises KeyError for a mask that was never recorded.
    c = get_pattern(encrypteddata)
    # d = (countspaces(encrypteddata),firstspace(encrypteddata))
    # c = length_brute_force[(len(encrypteddata),d)]
    # c = caesar_generic(encrypteddata,ROUND4_CIPHER,ROUND4_PLAINT)
    print c
    p.send(c + "\n")
    data = p.recv()
    print data
    # A message containing "TUCTF" ends the round.
    if "TUCTF" in data:
        break
    p.send(" \n")
# Round 8: same mask-and-lookup approach as the previous round, with the raw
# server message additionally dumped to round8.out for offline inspection.
# NOTE(review): this listing lost its indentation; the nesting below is
# reconstructed from the control flow -- confirm against the original file.
print "STARTING ROUND 8"
p.send(" \n")
while True:
    data = p.recv()
    # Opened with "wb" on every iteration, so the file only ever holds the
    # most recent message.
    f = open("round8.out","wb")
    f.write(data)
    f.close()
    print data
    # Everything after "encrypted is " up to the newline: the encrypted form
    # of the sample text.  .group() raises AttributeError if it is missing.
    i = re.search("encrypted is (.*)\n",data)
    x = str(i.group(1))
    d = re.search("What is (.*) decrypted?",data)
    encrypteddata2 = ""
    encrypteddata1 = d.group(1)
    # A position where the challenge equals the encrypted sample is taken to
    # be a space; every other position becomes "x".
    # NOTE(review): x[i] raises IndexError when the encrypted sample is
    # shorter than the challenge.  The sample shown here is a single space;
    # the page rendering may have collapsed a longer run of spaces -- confirm.
    for i in range(0,len(encrypteddata1)):
        if encrypteddata1[i] == x[i]:
            encrypteddata2 += " "
        else:
            encrypteddata2 += "x"
    # encrypteddata2 = encrypteddata1.replace(" ",chr(ord(spacechar) + 1))
    encrypteddata = encrypteddata2
    # Raises KeyError for a mask that was never recorded.
    c = get_pattern(encrypteddata)
    # d = (countspaces(encrypteddata),firstspace(encrypteddata))
    # c = length_brute_force[(len(encrypteddata),d)]
    # c = caesar_generic(encrypteddata,ROUND4_CIPHER,ROUND4_PLAINT)
    print c
    p.send(c + "\n")
    data = p.recv()
    print data
    # A message containing "TUCTF" ends the round.
    if "TUCTF" in data:
        break
    p.send(" \n")
# Round 9 is not solved: one sample is sent, the reply is printed for manual
# inspection, and the connection is closed.
print "STARTING ROUND 9"
p.send(" \n")
print p.recv()
p.close()